diff options
| author | jsing <> | 2019-02-09 15:26:15 +0000 |
|---|---|---|
| committer | jsing <> | 2019-02-09 15:26:15 +0000 |
| commit | 6535bd837c4df935c9b8881180e8dd93a83530dc (patch) | |
| tree | ccde70d521f0e94dd1570fd0a07f27a5b4ca631e /src/lib | |
| parent | 420e1203852fc99e786ceb80cff5559b6be38fbf (diff) | |
| download | openbsd-6535bd837c4df935c9b8881180e8dd93a83530dc.tar.gz openbsd-6535bd837c4df935c9b8881180e8dd93a83530dc.tar.bz2 openbsd-6535bd837c4df935c9b8881180e8dd93a83530dc.zip | |
Rename tls1_handshake_hash*() to tls1_transcript_hash*().
While handshake hash is correct (in as far as it is a hash of handshake
messages), using tls1_transcript_hash*() aligns them with the naming of the
tls1_transcript*() functions. Additionally, the TLSv1.3 specification uses
Transcript-Hash and "transcript hash", which this matches.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 10 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_hash.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 6 |
7 files changed, 29 insertions, 29 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index b7d87268ab..de928bd70e 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.183 2019/01/24 15:50:47 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.184 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1574,7 +1574,7 @@ ssl3_free(SSL *s) | |||
| 1574 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); | 1574 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); |
| 1575 | 1575 | ||
| 1576 | tls1_transcript_free(s); | 1576 | tls1_transcript_free(s); |
| 1577 | tls1_handshake_hash_free(s); | 1577 | tls1_transcript_hash_free(s); |
| 1578 | 1578 | ||
| 1579 | free(S3I(s)->alpn_selected); | 1579 | free(S3I(s)->alpn_selected); |
| 1580 | 1580 | ||
| @@ -1622,7 +1622,7 @@ ssl3_clear(SSL *s) | |||
| 1622 | wlen = S3I(s)->wbuf.len; | 1622 | wlen = S3I(s)->wbuf.len; |
| 1623 | 1623 | ||
| 1624 | tls1_transcript_free(s); | 1624 | tls1_transcript_free(s); |
| 1625 | tls1_handshake_hash_free(s); | 1625 | tls1_transcript_hash_free(s); |
| 1626 | 1626 | ||
| 1627 | free(S3I(s)->alpn_selected); | 1627 | free(S3I(s)->alpn_selected); |
| 1628 | S3I(s)->alpn_selected = NULL; | 1628 | S3I(s)->alpn_selected = NULL; |
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index e9e900b643..abdcc9791a 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.55 2019/01/23 18:39:28 beck Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.56 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -979,7 +979,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 979 | } | 979 | } |
| 980 | S3I(s)->hs.new_cipher = cipher; | 980 | S3I(s)->hs.new_cipher = cipher; |
| 981 | 981 | ||
| 982 | if (!tls1_handshake_hash_init(s)) | 982 | if (!tls1_transcript_hash_init(s)) |
| 983 | goto err; | 983 | goto err; |
| 984 | 984 | ||
| 985 | /* | 985 | /* |
| @@ -2446,7 +2446,7 @@ ssl3_send_client_verify_rsa(SSL *s, CBB *cert_verify) | |||
| 2446 | unsigned int signature_len = 0; | 2446 | unsigned int signature_len = 0; |
| 2447 | int ret = 0; | 2447 | int ret = 0; |
| 2448 | 2448 | ||
| 2449 | if (!tls1_handshake_hash_value(s, data, sizeof(data), NULL)) | 2449 | if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) |
| 2450 | goto err; | 2450 | goto err; |
| 2451 | 2451 | ||
| 2452 | pkey = s->cert->key->privatekey; | 2452 | pkey = s->cert->key->privatekey; |
| @@ -2481,7 +2481,7 @@ ssl3_send_client_verify_ec(SSL *s, CBB *cert_verify) | |||
| 2481 | unsigned int signature_len = 0; | 2481 | unsigned int signature_len = 0; |
| 2482 | int ret = 0; | 2482 | int ret = 0; |
| 2483 | 2483 | ||
| 2484 | if (!tls1_handshake_hash_value(s, data, sizeof(data), NULL)) | 2484 | if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) |
| 2485 | goto err; | 2485 | goto err; |
| 2486 | 2486 | ||
| 2487 | pkey = s->cert->key->privatekey; | 2487 | pkey = s->cert->key->privatekey; |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 90aca26625..a26b91976e 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.233 2019/01/24 02:56:41 beck Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.234 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1262,11 +1262,11 @@ int dtls1_enc(SSL *s, int snd); | |||
| 1262 | int ssl_init_wbio_buffer(SSL *s, int push); | 1262 | int ssl_init_wbio_buffer(SSL *s, int push); |
| 1263 | void ssl_free_wbio_buffer(SSL *s); | 1263 | void ssl_free_wbio_buffer(SSL *s); |
| 1264 | 1264 | ||
| 1265 | int tls1_handshake_hash_init(SSL *s); | 1265 | int tls1_transcript_hash_init(SSL *s); |
| 1266 | int tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len); | 1266 | int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len); |
| 1267 | int tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len, | 1267 | int tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, |
| 1268 | size_t *outlen); | 1268 | size_t *outlen); |
| 1269 | void tls1_handshake_hash_free(SSL *s); | 1269 | void tls1_transcript_hash_free(SSL *s); |
| 1270 | 1270 | ||
| 1271 | int tls1_transcript_init(SSL *s); | 1271 | int tls1_transcript_init(SSL *s); |
| 1272 | void tls1_transcript_free(SSL *s); | 1272 | void tls1_transcript_free(SSL *s); |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index afc7c94de8..6872fa3523 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.63 2019/01/18 00:54:42 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.64 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -575,7 +575,7 @@ ssl3_accept(SSL *s) | |||
| 575 | * We need to get hashes here so if there is | 575 | * We need to get hashes here so if there is |
| 576 | * a client cert, it can be verified. | 576 | * a client cert, it can be verified. |
| 577 | */ | 577 | */ |
| 578 | if (!tls1_handshake_hash_value(s, | 578 | if (!tls1_transcript_hash_value(s, |
| 579 | S3I(s)->tmp.cert_verify_md, | 579 | S3I(s)->tmp.cert_verify_md, |
| 580 | sizeof(S3I(s)->tmp.cert_verify_md), | 580 | sizeof(S3I(s)->tmp.cert_verify_md), |
| 581 | NULL)) { | 581 | NULL)) { |
| @@ -1104,7 +1104,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1104 | S3I(s)->hs.new_cipher = s->session->cipher; | 1104 | S3I(s)->hs.new_cipher = s->session->cipher; |
| 1105 | } | 1105 | } |
| 1106 | 1106 | ||
| 1107 | if (!tls1_handshake_hash_init(s)) | 1107 | if (!tls1_transcript_hash_init(s)) |
| 1108 | goto err; | 1108 | goto err; |
| 1109 | 1109 | ||
| 1110 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; | 1110 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 33158e160e..79a5bdd2b3 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.116 2018/11/08 22:28:52 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.117 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -919,7 +919,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out) | |||
| 919 | if (str_len < 0) | 919 | if (str_len < 0) |
| 920 | return 0; | 920 | return 0; |
| 921 | 921 | ||
| 922 | if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len)) | 922 | if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) |
| 923 | return 0; | 923 | return 0; |
| 924 | 924 | ||
| 925 | if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, | 925 | if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, |
diff --git a/src/lib/libssl/t1_hash.c b/src/lib/libssl/t1_hash.c index 50e0ad3ca0..12d66d4def 100644 --- a/src/lib/libssl/t1_hash.c +++ b/src/lib/libssl/t1_hash.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_hash.c,v 1.5 2018/11/21 15:13:29 jsing Exp $ */ | 1 | /* $OpenBSD: t1_hash.c,v 1.6 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -20,13 +20,13 @@ | |||
| 20 | #include <openssl/ssl.h> | 20 | #include <openssl/ssl.h> |
| 21 | 21 | ||
| 22 | int | 22 | int |
| 23 | tls1_handshake_hash_init(SSL *s) | 23 | tls1_transcript_hash_init(SSL *s) |
| 24 | { | 24 | { |
| 25 | const unsigned char *data; | 25 | const unsigned char *data; |
| 26 | const EVP_MD *md; | 26 | const EVP_MD *md; |
| 27 | size_t len; | 27 | size_t len; |
| 28 | 28 | ||
| 29 | tls1_handshake_hash_free(s); | 29 | tls1_transcript_hash_free(s); |
| 30 | 30 | ||
| 31 | if (!ssl_get_handshake_evp_md(s, &md)) { | 31 | if (!ssl_get_handshake_evp_md(s, &md)) { |
| 32 | SSLerrorx(ERR_R_INTERNAL_ERROR); | 32 | SSLerrorx(ERR_R_INTERNAL_ERROR); |
| @@ -46,7 +46,7 @@ tls1_handshake_hash_init(SSL *s) | |||
| 46 | SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH); | 46 | SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH); |
| 47 | goto err; | 47 | goto err; |
| 48 | } | 48 | } |
| 49 | if (!tls1_handshake_hash_update(s, data, len)) { | 49 | if (!tls1_transcript_hash_update(s, data, len)) { |
| 50 | SSLerror(s, ERR_R_EVP_LIB); | 50 | SSLerror(s, ERR_R_EVP_LIB); |
| 51 | goto err; | 51 | goto err; |
| 52 | } | 52 | } |
| @@ -54,13 +54,13 @@ tls1_handshake_hash_init(SSL *s) | |||
| 54 | return 1; | 54 | return 1; |
| 55 | 55 | ||
| 56 | err: | 56 | err: |
| 57 | tls1_handshake_hash_free(s); | 57 | tls1_transcript_hash_free(s); |
| 58 | 58 | ||
| 59 | return 0; | 59 | return 0; |
| 60 | } | 60 | } |
| 61 | 61 | ||
| 62 | int | 62 | int |
| 63 | tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len) | 63 | tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len) |
| 64 | { | 64 | { |
| 65 | if (S3I(s)->handshake_hash == NULL) | 65 | if (S3I(s)->handshake_hash == NULL) |
| 66 | return 1; | 66 | return 1; |
| @@ -69,7 +69,7 @@ tls1_handshake_hash_update(SSL *s, const unsigned char *buf, size_t len) | |||
| 69 | } | 69 | } |
| 70 | 70 | ||
| 71 | int | 71 | int |
| 72 | tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len, | 72 | tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, |
| 73 | size_t *outlen) | 73 | size_t *outlen) |
| 74 | { | 74 | { |
| 75 | EVP_MD_CTX *mdctx = NULL; | 75 | EVP_MD_CTX *mdctx = NULL; |
| @@ -103,7 +103,7 @@ tls1_handshake_hash_value(SSL *s, const unsigned char *out, size_t len, | |||
| 103 | } | 103 | } |
| 104 | 104 | ||
| 105 | void | 105 | void |
| 106 | tls1_handshake_hash_free(SSL *s) | 106 | tls1_transcript_hash_free(SSL *s) |
| 107 | { | 107 | { |
| 108 | EVP_MD_CTX_free(S3I(s)->handshake_hash); | 108 | EVP_MD_CTX_free(S3I(s)->handshake_hash); |
| 109 | S3I(s)->handshake_hash = NULL; | 109 | S3I(s)->handshake_hash = NULL; |
| @@ -191,7 +191,7 @@ tls1_transcript_freeze(SSL *s) | |||
| 191 | int | 191 | int |
| 192 | tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len) | 192 | tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len) |
| 193 | { | 193 | { |
| 194 | if (!tls1_handshake_hash_update(s, buf, len)) | 194 | if (!tls1_transcript_hash_update(s, buf, len)) |
| 195 | return 0; | 195 | return 0; |
| 196 | 196 | ||
| 197 | if (!tls1_transcript_append(s, buf, len)) | 197 | if (!tls1_transcript_append(s, buf, len)) |
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index df9b91b202..6578438c78 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.4 2019/02/09 15:20:05 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.5 2019/02/09 15:26:15 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -288,9 +288,9 @@ tls13_server_hello_recv(struct tls13_ctx *ctx) | |||
| 288 | S3I(ctx->ssl)->hs_tls13.secrets = secrets; | 288 | S3I(ctx->ssl)->hs_tls13.secrets = secrets; |
| 289 | 289 | ||
| 290 | /* XXX - pass in hash. */ | 290 | /* XXX - pass in hash. */ |
| 291 | if (!tls1_handshake_hash_init(s)) | 291 | if (!tls1_transcript_hash_init(s)) |
| 292 | goto err; | 292 | goto err; |
| 293 | if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len)) | 293 | if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) |
| 294 | goto err; | 294 | goto err; |
| 295 | context.data = buf; | 295 | context.data = buf; |
| 296 | context.len = hash_len; | 296 | context.len = hash_len; |